author | phk <phk@FreeBSD.org> | 1998-04-15 16:41:14 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 1998-04-15 16:41:14 +0000 |
commit | 1ceef06f4152c24e9d98521d5986288ad9a91529 (patch) | |
tree | 24accf37f6caf2adbd7cf2c97dd83be45d047c10 /etc | |
parent | 2e0f496de306a87ac3dafbea544cbf99303dc095 (diff) | |
Better RFC1918 network protection
PR: 6278
Reviewed by: phk
Submitted by: Ruslan Ermilov <ru@ucb.crimea.ua>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/rc.firewall | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/rc.firewall b/etc/rc.firewall
index f834e47..444572f 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -1,6 +1,6 @@
 ############
 # Setup system for firewall service.
-# $Id: rc.firewall,v 1.15 1997/10/21 00:54:08 danny Exp $
+# $Id: rc.firewall,v 1.16 1998/02/10 01:45:47 adam Exp $
 if [ -f /etc/rc.conf ]; then
 . /etc/rc.conf
@@ -140,8 +140,11 @@ elif [ "${firewall_type}" = "simple" ]; then
 # Stop RFC1918 nets on the outside interface
 $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
+ $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
 $fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
+ $fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif}
 $fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
+ $fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif}
 # Allow TCP through if setup succeeded
 $fwcmd add pass tcp from any to any established |
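Review bot: The three added `deny all from any to <net> via ${oif}` rules in the second hunk match on destination in both directions, because `via` carries no `in`/`out` qualifier, so their position relative to any address-translation rule decides whether they are safe. No divert or NAT rule is visible in this hunk, but if one runs earlier in the `simple` ruleset, inbound replies already rewritten to an inside RFC1918 address would match these rules on `${oif}` and be dropped. I would record that constraint next to the rules, e.g. `# Destination-side denies must be evaluated before any NAT/divert rule`, and widen the section comment to `# Stop RFC1918 nets (as source or destination) on the outside interface`. Adding `log` to the new deny rules would also make leaked or spoofed private-address traffic visible to the operator. The `elif` branch starts and ends outside the hunk.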